A wave is beginning to break over the internet – one that may be unstoppable. In the two years preceding 2025, the global number of weekly cyber attacks jumped by 58 per cent, according to the World Economic Forum.
Much of that increase has been attributed to AI, with AI-enabled attacks spiking by 89 per cent in 2025 alone.
But while that rise has largely been driven by improvements in phishing attacks (where criminals use scam emails, calls or text messages to trick you into revealing your bank details or sensitive information), something more fundamental may now have changed. When Anthropic – the company behind the Claude AI models – announced it had developed a powerful new model called Claude Mythos Preview, it sent shudders across the internet.
So powerful was this new model that the company deemed it too dangerous for public release in its current form. Why? Because Mythos Preview can identify security flaws in software that security analysts and even earlier AI models have missed.
In response, Anthropic announced it was forming Project Glasswing, a new initiative bringing together more than 40 of the world’s biggest software and web infrastructure companies. The aim of Project Glasswing is to use Claude Mythos Preview to find and fix those flaws before bad actors develop AI models with similar capabilities and begin exploiting them.
Anthropic says the model has already uncovered thousands of high-severity vulnerabilities – including flaws in every major operating system and web browser. The company warned that “it will not be long before [AI models with] such capabilities proliferate, potentially beyond actors who are committed to deploying them safely. The fallout – for economies, public safety, and national security – could be severe.”
In short, what Mythos Preview and other models have revealed is that even some of the most trusted, well-used systems at the foundations of the internet have critical vulnerabilities – some decades old – which AI can hunt down and take advantage of at rates far faster than even the best hackers could dream of.
The question now is: can we fix those flaws and fortify the internet before it’s too late?
The open-source gap
Regardless of your opinions of the corporate behemoths spearheading the AI race, the good news is that, right now, the most powerful tools in the fight for the internet are exclusively in the hands of the ‘good guys’. But it won’t stay that way for long.
The best AI models in the industry are known as ‘frontier models’, and those like Mythos Preview are closely guarded secrets.
However, nipping at the heels of the frontier models are the so-called ‘open-source models’. These systems are transparently released, allowing people to innovate and experiment with the models beyond the capabilities – and guardrails – set out by their creators.
For the most part this is beneficial, but it comes with risk. The decentralisation allows bad actors to fine-tune AI agents for malicious purposes and escape monitoring when those retooled models are run on their own servers.
“Two or three years ago, it was less easy, but right now, anyone can access the tools to create an AI agent or a bunch of agents and set them to work,” Prof Peter Bentley, a computer scientist at University College London, tells BBC Science Focus.
“You need powerful computers, but criminals will certainly invest money to make money. They’ll get powerful computers and local models, and absolutely they can do it. Pandora's box is open.”

Open-source models have always lagged behind those on the frontier, but that gap is closing. Over the past two years, the gap between frontier and open-source models has shrunk to about six months, according to a recent report from the AI Security Institute.
Consequently, we may have less than a year before a Mythos Preview-equivalent model falls into the hands of a bad actor looking to exploit vulnerabilities in some of the most fundamental software on the web. See the urgency now?
Cutting through the noise
Before panic sets in and you start stuffing your mattress with money, though, it's worth remembering that the AI industry is notoriously overhyped.
Companies like Anthropic, OpenAI, Google, xAI and the rest may benefit from painting their models as better, more consequential and possibly more dangerous than they are.
Nowhere is this more evident than in the workplace. AI companies have been trumpeting the transformative impact AI will have on the world of work for years now, and yet you may have noticed that, for the most part, many jobs remain only slightly altered – if at all.
“A vast amount of money has been spent on AI,” Bentley says. “What has it changed? It is changing jobs, but mainly it’s about making things more efficient.”
So while Anthropic described Mythos Preview as a “leap” forward in its capabilities, others are more cautious.
Gary Marcus, for example, is a scientist, author and leading voice in the AI sceptic community. In a recent post on his Marcus on AI Substack following the Project Glasswing announcement he lowered the temperature, writing: “The model itself is incrementally better than previous recent models, but certainly not an off-the-chart breakthrough.”
Marcus’ blog pointed to an analysis from AI cybersecurity company Aisle, which found that even small, cheap models could do much of the same work as Claude Mythos Preview.
He added: “To a certain degree, I feel that we were played. The demo was definitely proof of concept that we need to get our regulatory and technical house in order, but not the immediate threat the media and public was lead [sic] to believe.”
And even if the next wave of models is genuinely capable of crashing the entire internet, it’s not entirely certain that’s what bad actors would use them for.
“Someone would only crash the internet if they wanted to do that, and that's not very useful,” Bentley says. “The most likely exploits will be targeted ones for financial benefit.”
That logic, though, mostly applies to cybercrime groups. Political adversaries, be they nation states or terrorist organisations, may be motivated more by wreaking havoc than by reward.
“If certain states get hold of it, they will use it against other countries,” Bentley says. “It’s weaponising AI in a surprisingly easy way.”

The race is on
Whatever the case, it’s clear the race is now on to shore up the internet before this next wave of models reaches the public.
But is patching every vulnerability the right way to go about it? And is it even possible?
For one thing, using AI to patch code can be tricky at best. “Code written by AI is often convoluted and not brilliant,” Bentley says. “If you start using AI to patch existing code, it’s going to get messy, people won’t understand it and it’ll create more vulnerabilities.”
The answer, then, may be for defenders to manufacture an upper hand while they still have the lead.
As a recent post from the UK Government’s National Cyber Security Centre (NCSC) pointed out, “the key advantage in defenders’ favour is that they have the ability to ‘shape the battlefield’; that is to shape their environment to make it work better for them and disadvantage the adversary.”
Additionally, AI could be deployed effectively to patrol for dangerous AI activity. At least in the near term, AI tends to be quite clunky in its attempts to infiltrate systems, meaning it generates noticeable security alerts that are relatively easy to detect, the NCSC post explained.
For Bentley, though, it’s clear we’re now in an arms race. “It’s like giving a bunch of clever scientists all the possible documents in the world about how to make explosives and telling them to have fun with it,” he says.
The worrying thing is we don’t know what will go up in smoke first.